The Open Web Application Security Project (OWASP) is a 501c3 not-for-profit worldwide charitable organization focused on improving the security of application software. Our mission is to make application security visible, so that people and organizations can make informed decisions about true application security risks. Everyone is free to participate in OWASP and all of our materials are available under a free and open software license.

This is the new home of the CRS. The main goal of moving the CRS to OWASP is to better facilitate documentation and development of the rules. As you know, the OWASP pages are wiki-based, so you all can go in there and help to document them :) I will add some example template pages soon to help get the ball rolling; however, my thinking is that we should emulate what Snort Sigs DB used to do and document the goal of each group of rules, what they are looking for, how they are looking for it, and any false positive/exception fixes, etc.

2) Changes to the CRS

The latest version of the CRS is v2.0.0 and there are significant changes. The most important ones are related to running in an anomaly scoring mode which allows the rules to collaborate to an overall anomaly score. This will allow users to set appropriate thresholds for their sites for logging/blocking. There are too many other changes to mention directly here, so please review the CHANGELOG file: http://voxel.dl.sourceforge.net/project/mod-security/modsecurity-crs/0-CURRENT/CHANGELOG

3) Rule Update Tracking for the CRS

While the new OWASP project site will mainly be used for documentation purposes, all CRS rule issues will be tracked by using our Jira app: https://www.modsecurity.org/tracker/. We want to track all bugs, false positives and false negatives (if there are any bypass evasion issues that you find), etc.

We are very excited about this new momentum for the CRS and we look forward to a more collaborative exchange with the community!